Plant Security: Thwarting the Intent to Harm
Thanks to the Food Safety Modernization Act (FSMA), security is back in vogue. While the Bioterrorism Act hinted at security, FSMA explicitly requires defenses against intentional contamination of food due to sabotage, terrorism, counterfeiting or other deliberate means. Specific regulations have yet to be issued by FDA and may not be forthcoming until 2013, but the small community of specialists in food plant security are developing risk-assessment models and laying the foundation for continuous improvement in food defense.
Physical deterrence was the old-school answer to securing a facility. No one expects FDA rules for food defense to require specific hardware. As a practical matter, fencing is frequently unnecessary and sometimes out of the question. For example, Hormel’s Dubuque, IA plant, which commenced production in January 2010, is in an industrial park where local zoning rules prohibit fences. That doesn’t mean security is compromised, however: Securing the perimeter of the building against intruders is less expensive and more effective than securing the lot, security professionals point out.
“Food defense is more than physical security,” says Bill Ramsey, director of corporate security at Sparks, MD-based McCormick & Company Inc., and he cautions against a focus on the hardware of security. A fence might be advisable in a high-crime area, “but it also is one of the most expensive solutions, and it can be breached by an intruder,” he points out. The inaugural honoree of the Food Security Award from the National Food Processors Association in 2003, Ramsey will speak about plant security audits and food defense requirements in FSMA at Food Engineering’s Food Automation & Manufacturing Conference, April 22-25 in Fort Myers, FL.
Affordability is uppermost in the minds of food security specialists, and FDA officials are signaling that enough regulatory leeway will be provided to make food defense affordable for processors ranging from the $1 million local company to the multi-billion dollar international firm. Instead of approaching FSMA’s food defense requirements as a regulatory burden, organizations should consider the business purposes served by defensive systems, Mark Powers, a MillerCoors security professional, suggested at a Media Forum sponsored by ADT Security Services Inc. In a project involving 10 distribution centers, Powers claimed installation of surveillance equipment resulted in up to 25 percent ROI, with much of it coming from documented late-delivery penalties assessed against suppliers.
“Security technology can absolutely be an effective investment,” agrees Frank Pisciotta, president of Business Protection Specialists Inc., Raleigh, NC. Equipment is costly, he cautions, and buyers must beware of consultants’ interest conflicts. But if properly designed and implemented, long-term savings can accrue. “Utilization of technology for access control can be a one-time cost that eliminates over $120,000 of recurring contract security costs,” says Pisciotta by way of example.
Needed: one-stop shops
Physical security is a $120 billion business, estimates ADT, and significant advances are occurring in hardware—closed-circuit video, access-control devices, etc. High-definition and mega-pixel cameras are game changers, prompting many companies to upgrade analog cameras and event recorders. “Ten or 15 years ago, it was difficult many times to make out an individual’s facial features on videotape,” recalls McCormick’s Ramsey. “Now we can read license plates 500 feet away.”
Upgrading to IP cameras can be a costly proposition, however. Old cabling may have to be replaced, and integration with other devices can be as labor intensive as any other automation project. For the most part, end-users are on their own in piecing together a security infrastructure. Manufacturers of electronic access controls typically sell through dealers, who in turn subcontract lockset installation to locksmiths. FDA mandates are likely to make passive locks a thing of the past in food plants, suggests Brad Aikin, product manager for commercial electronic security at Ingersoll Rand Security Technologies Inc.’s Schlage division, and retrofitting off-line electronic locks or on-line devices can be daunting. If new doors and jams must be installed, capital costs escalate further.
Consequently, “wireless is where we’ve seen the greatest growth,” says Aikin, who is based in the company’s Carmel, IN headquarters. “Wireless is very reliable and extremely cost-effective for retrofitting a plant.” Electronic noise in an automated production setting can be an issue, he concedes, and end-users are advised to “vet the options to the conditions in their environment.” Long-wave frequencies such as 900 MHz can pass through walls and other barriers, though end-users are advised to include dynamic channel switching capabilities.
Electrified locks are subject to fire codes and must be reviewed by local authorities. Ingersoll Rand supplies fire alarms, ID cards and electrified locks but not cameras. Integration of all those systems is a growing need, which is why ADT expanded its capabilities last May with the acquisition of Proximex, a software vendor that developed a program to deliver what it calls physical security information management (PSIM). The idea is to integrate closed circuit TVs, access-control readers, fence sensors, fire alarms, guard houses and other elements of security, then generate phone calls or text messages to designated individuals when an alarm response is warranted.
“Companies are getting hundreds of alarms, and people aren’t responding properly,” maintains Richard Evans, manager-business development in Proximex’s suburban Chicago office. Energy companies are early adopters of PSIM technology for regulatory compliance, and he expects food companies to follow suit “when FSMA kicks in.”
The cost may seem onerous if viewed as simply a security expenditure, but PSIM also has potential to improve food safety and supply chain management. Any device with an IP address can be tied in. A truck equipped with GPS, for example, could stream real-time data on trailer temperatures, route deviations and other sensor-generated information. A break in the cold chain would be known long before a truck arrived at a loading dock.<br><br>
Food safety was the putative purpose of Arrowsight Inc.’s third-party video audits when the first cameras were installed at Plumrose USA’s Council Bluffs, IA meat plant seven years ago. OSI Group, an Aurora, IL-based meat processor and major supplier to McDonald’s, is another early adopter of Arrowsight’s outsource option. Major foodservice and retail customers routinely order security audits of their suppliers’ facilities. In the case of meat and poultry, the CARVER plus Shock methodology developed by USDA’s Food Safety and Inspection Service has existed since 2007 as a guide for conducting risk assessments and implementing an effective food defense program (see related story on page 84). Access control to sensitive areas within the plant is a central element, and cameras and card readers are effective enforcement tools. Raw materials and finished goods also need to be controlled, and part of the OSI program focuses on compliance with truck-seal protocols.
Security guards are responsible for tallying the number of seals and recording their serial numbers on a truck manifest. To ensure the process is executed properly, spot checks are performed by four cameras controlled from remote locations. Camera operators zoom in to count the seals and read their serial numbers, then compare the results with what is written on the manifest. “We try to use it as a training tool,” notes Justin Ransom, OSI’s assistant vice president-food protection & government affairs. Compliance with truck-seal protocols has been flawless, but if deviations were identified, the response would have been to review procedures and modify as needed, rather than use monitoring to punish workers
Spice rooms were identified as a particularly vulnerable area, according to Adam Aronson, CEO at Mount Kisco, NY-based Arrowsight. A red light flashes if unauthorized personnel enter the room, activating a live video stream. When authorized personnel enter, random surveillance occurs. Proximity cards distinguish between processing and sanitation personnel, and inappropriate contact with ingredients is flagged.
“We can look at video internally, but there is less bias when it is done by a third party,” says Ransom. He credits the efforts of USDA, Homeland Security and other agencies in prodding OSI “to step up our game” in food safety and defense. The alternative to continuous improvement is complacency. “More work needs to be done to improve security,” he believes. Building on the video monitoring program, OSI staged its first mock security event in 2010, replete with fake emergency vehicles and news crews, to ensure employees understand how to respond to deliberate sabotage. “It was a great tool,” he says. “We now do mock crisis drills at least once a year.”
ADT’s Don Hsieh dismisses truck seals as “a relatively inadequate level of protection. It’s low cost, but it doesn’t really alert a customer if something was stolen in transit.” And the director of commercial & industrial marketing at Boca Raton, FL-based ADT says food and beverage shipments are an inviting target for cargo hijackings, a $20 billion annual cost to US businesses. A tracking study by Freightwatch International ranked food & beverage as the top product category for thieves, accounting for 21 percent of all hijackings. The absence of serial numbers and a ready resale market make food an inviting target, according to Hsieh.
The supply chain poses external threats. Internal threats include disgruntled employees, cleaning crews, contractors, temporary workers and, potentially, sleeper cells within the organization. Access control might suffice for spice rooms, but mixing and other processes often are performed in open areas, where floor traffic is highest. Operator sign-in is one way to safeguard critical equipment, and higher levels of security are becoming an option. Keypads, card swipes and biometric readers are among the electronic-signature options on a dry ingredients packaging system from Haver Filling Systems, for example.
Electronic signatures also support traceability efforts, though few food manufacturers employ the technology. It is required in pharmaceutical production, however, where improved visibility to the process yields efficiency improvement, helping to cost justify the electronic-signature investment.
“Access control is pretty much a standard for the large facilities,” usually for building perimeters and occasionally in sensitive areas, reflects McCormick’s Ramsey, adding “it’s a system that needs many parts to work effectively.” Good hiring practices and continuous reinforcement of proper response to potential threats is a more cost-effective approach to security. “Some level of background investigation—checking references, for instance—will give you a level of confidence that you’re hiring people of good character,” he adds.
“If you recruit off the streets, you’re asking for problems.” Just as expectations for worker safety and food safety programs need to be reinforced, employees need to be reminded how to respond when a stranger walks through their work areas.<br><br>
FDA developed a 15-minute training video that helps food companies orient workers to food defense. “We use it in our program,” Ramsey says. “It’s simple but effective.” As chairman of the Grocery Manufacturers Association’s food defense working group, he has urged regulators to provide more such tools to help manufacturers meet FSMA’s objectives.
Security is a broader issue than food defense, and Ramsey believes companies will need to draw on outside resources to upgrade security up and down the supply chain. Small and mid-sized companies in particular will need more support, and he expects turnkey solutions to become available to execute and maintain security systems
Many factors come into play when deciding how to maintain security systems and manage recurring costs. The important point is preventing food defense and security from becoming a competitive liability. One way to do that is to approach spending as an investment that supports multiple business objectives, not simply security.
For more information:
Don Hsieh, ADT Security Services Inc., 561-988-3600,
Adam Aronson, Arrowsight Inc., 866-261-5656
Frank Pisciotta, Business Protection Specialists Inc., 919-758-8058
Eric Byres, Byres Security Inc., 250-390-1333, email@example.com
Brad Aikin, Ingersoll Rand Security Technologies Inc., 317-810-3412, firstname.lastname@example.org
Richard Evans, Proximex Division/ADT, 630-572-1200
|Cyber security and the PLC threat|
As college basketball coaches can attest, a zone is the best defense. The same tactic is appropriate when protecting industrial controls, suggests Eric Byres, vice president-engineering and chief technology officer at Byres Security Inc., Lantzville, BC.<br><br>
Zone defense against cyber attacks is part of the ANSI/ISA 99 standard for industrial automation and control systems. Before dismissing zones and conduits as security overkill, controls engineers need to consider the implications of the growth of business information systems and the end of the era of “security by obscurity,” says Byres.
It’s a consequence of Stuxnet, the worm that penetrated security protecting Iran’s uranium-enrichment project in 2010. Designed to disrupt an industrial process, Stuxnet targeted Siemens PLCs and HMIs, ultimately causing failure of the centrifuges used in Iran’s nuclear enrichment project.
A deployment of the ANSI/ISA-99 zones and conduit strategy begins by grouping zones of devices with common functionality and security needs, such as process control networks, supervisory controls, safety and enterprise networks. All conduits in the plant network also are identified, followed by analysis of potential threat sources and the consequences of an attack. Finally, an industrial security appliance is placed in each identified network conduit.
The fundamentals are well understood, but Byres believes complacency exists because of the historically low number of attacks on SCADA and PLC networks. Before Stuxnet, only 10 patches for PLCs were reported, he says. By Thanksgiving, there were 500, and “we’ll probably beat 1,000 before the end [of 2011],” he says. Hackers did not have industrial controls on their radar before, but that has changed, Byres adds. And the days of isolated control networks are over, with management information systems punching more and more holes into the plant floor. “Those holes represent an explosion of vulnerabilities,” he warns.
|A road map for plant security|
Proposed regulations for food safety under the Food Safety Modernization Act are months away, but a template of regulatory thinking on plant security was created five years ago by USDA’s Food Safety and Inspection Service (FSIS).
Acknowledging the need for a cost-effective approach and the varying needs of different-sized facilities, FSIS created a three-step approach titled “Developing a Food Defense Plan for Meat and Poultry Slaughter and Processing Plants.” It begins with a risk-assessment checklist, beginning with outside security and proceeding to building practices, processing areas, storage, shipping & receiving and personnel security. Answers to questions such as, “Do you regularly take inventory of keys to secured/sensitive areas?” guide the food defense team in identifying vulnerabilities and help define cost-effective actions in processing, storage, shipping & receiving and water & ice security.
Implementation is the final step, with particular emphasis on assigning responsibilities, training staff, conducting drills, developing contact lists and periodically reviewing and updating the plan.
CARVER is an acronym for six attributes: criticality, accessibility, recoverability, vulnerability, effect and recognizability. For example, if the introduction of threat agents at a particular plant would result in large losses of life or economic damage, it would be assigned a 10. If no loss of life and negligible economic consequences would result, it might be rated one or two.